855dcd36...2ca3

VTI SCORE: 98/100

Dynamic Analysis Report

Classification:

Threat Names:

BUDDINGPULVERS.exe

Windows Exe (x86-32)

Created 5 years ago

VMRay Threat Identifiers (13 rules, 19 matches)

Severity	Category	Operation	Count	Classification
4/5	User Data Modification	Modifies Windows automatic backups	1	-
4/5	Injection	Writes into the memory of another running process	1	-
4/5	Injection	Modifies control flow of another process	1	-
3/5	Anti Analysis	Tries to evade debugger	1	-
3/5	YARA	Suspicious content matched by YARA rules	2	-
2/5	Obfuscation	Resolves APIs dynamically to possibly evade static detection	1	-
2/5	Anti Analysis	Creates an unusually large number of processes	1	-
2/5	Anti Analysis	Makes direct system call to possibly evade hooking based sandboxes	2	-
1/5	Hide Tracks	Creates process with hidden window	5	-
1/5	Obfuscation	Creates a page with write and execute permissions	1	-

Screenshots

Monitored Processes

MITRE ATT&CK™ Matrix - Windows

ActiveAll

Version: 2019-04-25 20:53:07.719000

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Software Packing

Hidden Window

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Standard Application Layer Protocol

Exfiltration

Impact

Inhibit System Recovery

Sample Information

ID	#834767
MD5	a4e1caab1b9642ef645b6549ca09d303
SHA1	da0cd782f32088c0df8cd62deda1c61b4cedd6fb
SHA256	855dcd368dbb01539e7efa4b3fefa9b56d197db87b1ba3ede5e1f95927ea2ca3
SSDeep	768:nAqGAtr4sozjTFpy3RlyvK6WZmYNnYIzxz84k567+tb+pA:AqGcAFp6ynCvNnY8t8Z5E+t6p
ImpHash	3c9f900665a4beb93988dde083f7e392
Filename	BUDDINGPULVERS.exe
File Size	88.00 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2020-05-09 23:05 (UTC+)
Analysis Duration	00:04:00
Number of Monitored Processes	89
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
Local AV Applied On	Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
YARA Enabled
YARA Applied On	Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps
Number of AV Matches	0
Number of YARA Matches	10
Termination Reason	Timeout

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".